
The Department of Justice has charged and arrested two Sudanese brothers with operating Anonymous Sudan, a hacker group known for destructive website takedowns.
Why it matters: The indictment, unsealed Wednesday, paints the clearest picture of who was running the mysterious Anonymous Sudan hacking group — which has launched more than 35,000 attacks in the last year against hospitals, government offices and other major organizations.
Driving the news: A grand jury indicted Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer with a count of conspiracy to damage protected computers.
- Ahmed Omer was also charged with three counts of damaging protected computers.
- The FBI and the U.S. Attorney’s Office for the Central District of California seized Anonymous Sudan’s hacking tool, according to a press release.
- The Washington Post reported that officials arrested the duo abroad in March.
Threat level: Anonymous Sudan’s attacks have caused more than $10 million in damage to U.S. organizations, according to federal officials.
- Anonymous Sudan’s victim list spans sectors and includes several high-profile names: Cloudflare, Microsoft, OpenAI and even the FBI itself.
- Cedars-Sinai Medical Center in Los Angeles had to redirect emergency room patients to other hospitals for treatment.
The big picture: Anonymous Sudan has been a mystery to security researchers for a little more than a year.
- The group is mostly politically motivated, unlike other cybercriminal groups where money is the prime motivator.
- But the group has been far more prolific than the typical political hacking group. At times, security researchers had even assumed the group was a front for pro-Russia political hackers.
- However, officials told the Post they don’t believe a third party, including a government, was financing or supporting the group’s work.
What they’re saying: “What’s unusual is the predominance of the ideological motive, with financial sprinkled in,” Martin Estrada, U.S. attorney for the Los Angeles region, told the Post.
How it works: Anonymous Sudan targeted victims in distributed denial-of-service attacks — where attackers flood internet-facing servers with bot traffic until legitimate users can no longer reach them.
- While suffering a website outage might not sound too bad, the repercussions can be huge. Customers may not be able to make payments online and corporations may not be able to access cloud servers.
- Anonymous Sudan would demand victims pay a ransom to make the attack end, according to court filings.
- Some of these victims sustained millions of dollars in losses from these attacks, according to a criminal complaint unsealed Wednesday.
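To make the mechanism described above concrete from the defender's side, here is an added example (not code from the case, the court filings, or any tool named in the article) of the simplest kind of DDoS detection: counting requests per fixed time window in a web server's access log and flagging windows where one source, or the aggregate, exceeds a budget. The log format (Common Log Format), the window size, the thresholds and the sample traffic are all assumptions constructed for the example; the aggregate check exists because a distributed flood can keep every individual bot under a per-source limit.

```python
"""Rate-based detection of HTTP flood traffic in web-server access logs.

Added example: a toy detector, not code from the case or from any tool
named in the article. All log lines are constructed below, not real traffic.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'epoch', 'req', 'status'} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], TS_FMT)
    except ValueError:
        return None
    return {"ip": m["ip"], "epoch": int(ts.timestamp()), "req": m["req"], "status": int(m["status"])}


def detect_floods(lines, window_seconds=10, per_source_threshold=100, total_threshold=500):
    """Flag fixed windows where one source, or the aggregate, exceeds a request budget.

    Finding kinds (thresholds are assumed values, tune them to the site's baseline):
      source_flood: a single IP sent more than per_source_threshold requests in a window
      volumetric:   the window total exceeded total_threshold regardless of source,
                    which catches distributed floods where each bot stays under the per-IP limit
    """
    per_window = defaultdict(Counter)  # window_start -> Counter(ip -> requests)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        window_start = rec["epoch"] - rec["epoch"] % window_seconds
        per_window[window_start][rec["ip"]] += 1

    findings = []
    for window_start in sorted(per_window):
        counts = per_window[window_start]
        for ip, n in counts.most_common():
            if n <= per_source_threshold:
                break  # most_common() is sorted descending, so nothing further qualifies
            findings.append({"kind": "source_flood", "window_start": window_start,
                             "source": ip, "requests": n})
        total = sum(counts.values())
        if total > total_threshold:
            findings.append({"kind": "volumetric", "window_start": window_start,
                             "requests": total, "distinct_sources": len(counts)})
    return findings


def _line(ip, when, path="/"):
    """Format one constructed Common Log Format record."""
    return f'{ip} - - [{when.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed access log: normal browsing, one single-source flood, one distributed flood."""
    t0 = datetime(2024, 10, 16, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Baseline: five clients, three requests each, spread over 15 seconds.
    for i in range(1, 6):
        for sec in (0, 7, 14):
            lines.append(_line(f"192.0.2.{i}", t0 + timedelta(seconds=sec)))
    # Single-source flood: 150 requests from one IP within seconds 20..29.
    for k in range(150):
        lines.append(_line("198.51.100.9", t0 + timedelta(seconds=20 + k % 10)))
    # Distributed flood: 60 IPs x 10 requests each within seconds 40..49 (600 total),
    # every source below the per-IP limit, so only the aggregate check can see it.
    for i in range(1, 61):
        for k in range(10):
            lines.append(_line(f"203.0.113.{i}", t0 + timedelta(seconds=40 + k)))
    lines.append("this line is not a valid log record")  # exercises the malformed-line path
    return "\n".join(lines)


if __name__ == "__main__":
    for finding in detect_floods(build_sample_log().splitlines()):
        print(finding)
```

Running the script prints two findings: a `source_flood` for 198.51.100.9 (150 requests in one window) and a `volumetric` finding for the 600-request window spread across 60 addresses. In practice this logic runs at the edge (load balancer, CDN or WAF logs) rather than on the origin, and the thresholds are set from the site's own measured baseline, since a fixed number that is generous for one service is an outage for another.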
Between the lines: Anonymous Sudan was also selling its tool to other hacking groups looking to launch their own large-scale DDoS attacks, according to the complaint.
- More than 100 users have used the tool — known as Godzilla Botnet, Skynet Botnet and InfraShutdown — to deploy their own DDoS attacks, per federal officials.
- This is also unusual: Building and selling hacker tools is more common in the cybercrime world and rarely seen in the political hacking space.
Zoom in: The private sector played a prominent role in helping the FBI identify the people running this group.
- PayPal’s own internal investigation after its attack uncovered certain accounts tied to Anonymous Sudan, according to the complaint.
- Those accounts then helped the FBI identify potential email addresses linked to Ahmed Omer, specifically, according to the affidavit.
What’s next: If convicted, Ahmed Omer could face a maximum sentence of life in prison, while Alaa Omer could face a maximum of five years.